中圖分類號(hào): TP393.08 文獻(xiàn)標(biāo)識(shí)碼: A DOI: 10.19358/j.issn.2096-5133.2022.02.004 引用格式: 李實(shí),萬(wàn)佳蓉,林顯盛. 基于蜜罐的工控網(wǎng)絡(luò)安全防護(hù)技術(shù)研究進(jìn)展[J].信息技術(shù)與網(wǎng)絡(luò)安全,2022, 41(2):20-26,32.
Research progress of honeypot-based ICS security protection technology
Li Shi1,Wan Jiarong2,Lin Xiansheng3
(1.Daya Bay Nuclear Power Operations and Management Co.,Ltd.,Shenzhen 518124,China; 2.National Computer System Engineering Research Institute of China,Beijing 100083,China; 3.Guangzhou CSS Information Technology Co.,Ltd.,Guangzhou 510665,China)
Abstract: Industrial Control System(ICS) is the core of the industrial production process. With the increasingly severe international network security situation, more and more attackers are taking ICS as target and causing a series of terrible security events. As an active defense technology, honeypot for ICS are gradually becoming a research hotspot. On the basis of investigating existing related work, in this paper we sort out the current research content from the concepts of honeypot, key technologies of honeypot, application instances and development trends. Aiming at the architecture of DCS in nuclear power industrial, we investigate the virtualization technology of S7 protocol, operating system and other temptation traps in the Docker container, and design a simulation honeypot for the TXP system. In order to verify the protection effect of the honeypot system, the honeypot is deployed in the TXP system and the attack is simulated through scripts. The results show that the system can accurately capture the attack traffic, analyze and identify the content, successfully trick the attacker who illegally penetrated the intranet into the virtual environment composed of the honeynet and alarm user. Honeypot can comprehensively improve the threat perception ability of the TXP system to detect, record, and trace the attack behavior.
